Untitled

a guest
Jun 19th, 2018
  1. [Tue Jun 12 04:42:49.287055 2018] [:error] [pid 8133:tid 139666757957376] [client 188.79.255.125:64360] [client 188.79.255.125] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@VJGeHtg4yPU@bt48QAAANQ"]
  2. [Tue Jun 12 04:42:49.638767 2018] [:error] [pid 6382:tid 139666967754496] [client 82.118.242.240:60512] [client 82.118.242.240] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:route. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:route: product/product<?php print(238947899389478923-34567343546345); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@X2Ixm1zgKek7CpeOAAAAQA"]
  3. [Tue Jun 12 04:42:49.638836 2018] [:error] [pid 6382:tid 139666967754496] [client 82.118.242.240:60512] [client 82.118.242.240] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:path: 950<?php print(238947899389478923-34567343546345); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@X2Ixm1zgKek7CpeOAAAAQA"]
  4. [Tue Jun 12 04:42:49.638884 2018] [:error] [pid 6382:tid 139666967754496] [client 82.118.242.240:60512] [client 82.118.242.240] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:product_id. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:product_id: 47765<?php print(238947899389478923-34567343546345); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@X2Ixm1zgKek7CpeOAAAAQA"]
  5. [Tue Jun 12 04:42:49.639658 2018] [:error] [pid 6382:tid 139666967754496] [client 82.118.242.240:60512] [client 82.118.242.240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@X2Ixm1zgKek7CpeOAAAAQA"]
  6. [Tue Jun 12 04:42:49.723706 2018] [:error] [pid 8133:tid 139666757957376] [client 188.79.255.125:64360] [client 188.79.255.125] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@VJGeHtg4yPU@bt48QAAANQ"]
  7. [Tue Jun 12 04:42:49.990891 2018] [:error] [pid 8133:tid 139666757957376] [client 188.79.255.125:64360] [client 188.79.255.125] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2f..%2f found within REQUEST_URI_RAW: /index.php?route=..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&path=935"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@VJGeHtg4yPU@bt48gAAANQ"]
  8. [Tue Jun 12 04:42:49.990961 2018] [:error] [pid 8133:tid 139666757957376] [client 188.79.255.125:64360] [client 188.79.255.125] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /index.php?route=../../../../../../etc/passwd&path=935"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@VJGeHtg4yPU@bt48gAAANQ"]
  9. [Tue Jun 12 04:42:49.990999 2018] [:error] [pid 8133:tid 139666757957376] [client 188.79.255.125:64360] [client 188.79.255.125] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /index.php?route=../../../../../../etc/passwd&path=935"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@VJGeHtg4yPU@bt48gAAANQ"]
  10. [Tue Jun 12 04:42:49.991076 2018] [:error] [pid 8133:tid 139666757957376] [client 188.79.255.125:64360] [client 188.79.255.125] ModSecurity: Warning. Matched phrase "etc/passwd" at ARGS:route. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/passwd found within ARGS:route: ../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@VJGeHtg4yPU@bt48gAAANQ"]
  11. [Tue Jun 12 04:42:49.991826 2018] [:error] [pid 8133:tid 139666757957376] [client 188.79.255.125:64360] [client 188.79.255.125] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@VJGeHtg4yPU@bt48gAAANQ"]
  12. [Tue Jun 12 04:42:50.269972 2018] [:error] [pid 6382:tid 139666967754496] [client 82.118.242.240:60512] [client 82.118.242.240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=15,HTTP=0,SESS=0): PHP Injection Attack: PHP Open Tag Found"] [tag "event-correlation"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@X2Ixm1zgKek7CpeOAAAAQA"]
  13. [Tue Jun 12 04:42:50.483010 2018] [:error] [pid 8133:tid 139666757957376] [client 188.79.255.125:64360] [client 188.79.255.125] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@VJGeHtg4yPU@bt48gAAANQ"]
  14. [Tue Jun 12 04:42:50.834085 2018] [:error] [pid 8133:tid 139666757957376] [client 188.79.255.125:64360] [client 188.79.255.125] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@lJGeHtg4yPU@bt48wAAANQ"]
  15. [Tue Jun 12 04:42:50.834274 2018] [:error] [pid 8133:tid 139666757957376] [client 188.79.255.125:64360] [client 188.79.255.125] ModSecurity: Warning. Found 1 byte(s) in ARGS:route outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@lJGeHtg4yPU@bt48wAAANQ"]
  16. [Tue Jun 12 04:42:50.834777 2018] [:error] [pid 8133:tid 139666757957376] [client 188.79.255.125:64360] [client 188.79.255.125] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /index.php?route=../../../../../../etc/passwd%00&path=935"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@lJGeHtg4yPU@bt48wAAANQ"]
  17. [Tue Jun 12 04:42:50.834885 2018] [:error] [pid 8133:tid 139666757957376] [client 188.79.255.125:64360] [client 188.79.255.125] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /index.php?route=../../../../../../etc/passwd%00&path=935"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@lJGeHtg4yPU@bt48wAAANQ"]
  18. [Tue Jun 12 04:42:50.834969 2018] [:error] [pid 8133:tid 139666757957376] [client 188.79.255.125:64360] [client 188.79.255.125] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /index.php?route=../../../../../../etc/passwd\\x00&path=935"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@lJGeHtg4yPU@bt48wAAANQ"]
  19. [Tue Jun 12 04:42:50.835031 2018] [:error] [pid 8133:tid 139666757957376] [client 188.79.255.125:64360] [client 188.79.255.125] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /index.php?route=../../../../../../etc/passwd&path=935"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@lJGeHtg4yPU@bt48wAAANQ"]
  20. [Tue Jun 12 04:42:50.835127 2018] [:error] [pid 8133:tid 139666757957376] [client 188.79.255.125:64360] [client 188.79.255.125] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /index.php?route=../../../../../../etc/passwd&path=9355"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@lJGeHtg4yPU@bt48wAAANQ"]
  21. [Tue Jun 12 04:42:50.835392 2018] [:error] [pid 8133:tid 139666757957376] [client 188.79.255.125:64360] [client 188.79.255.125] ModSecurity: Warning. Matched phrase "etc/passwd" at ARGS:route. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/passwd found within ARGS:route: ../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@lJGeHtg4yPU@bt48wAAANQ"]
  22. [Tue Jun 12 04:42:50.836950 2018] [:error] [pid 8133:tid 139666757957376] [client 188.79.255.125:64360] [client 188.79.255.125] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 38)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@lJGeHtg4yPU@bt48wAAANQ"]
  23. [Tue Jun 12 04:42:50.875550 2018] [:error] [pid 6390:tid 139666778937088] [client 82.118.242.240:60952] [client 82.118.242.240] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:route. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:route: product/product<?php print(238947899389478923-34567343546345); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@vQkHfjQI6bH9BSqWAAAAJI"]
  24. [Tue Jun 12 04:42:50.875689 2018] [:error] [pid 6390:tid 139666778937088] [client 82.118.242.240:60952] [client 82.118.242.240] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:path: 950<?php print(238947899389478923-34567343546345); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@vQkHfjQI6bH9BSqWAAAAJI"]
  25. [Tue Jun 12 04:42:50.875877 2018] [:error] [pid 6390:tid 139666778937088] [client 82.118.242.240:60952] [client 82.118.242.240] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:product_id. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:product_id: 47756<?php print(238947899389478923-34567343546345); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@vQkHfjQI6bH9BSqWAAAAJI"]
  26. [Tue Jun 12 04:42:50.877689 2018] [:error] [pid 6390:tid 139666778937088] [client 82.118.242.240:60952] [client 82.118.242.240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@vQkHfjQI6bH9BSqWAAAAJI"]
  27. [Tue Jun 12 04:42:51.358558 2018] [:error] [pid 8133:tid 139666757957376] [client 188.79.255.125:64360] [client 188.79.255.125] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 38 - SQLI=0,XSS=0,RFI=0,LFI=30,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@lJGeHtg4yPU@bt48wAAANQ"]
  28. [Tue Jun 12 04:42:51.568068 2018] [:error] [pid 6390:tid 139666778937088] [client 82.118.242.240:60952] [client 82.118.242.240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=15,HTTP=0,SESS=0): PHP Injection Attack: PHP Open Tag Found"] [tag "event-correlation"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@vQkHfjQI6bH9BSqWAAAAJI"]
  29. [Tue Jun 12 04:42:51.648890 2018] [:error] [pid 8133:tid 139666757957376] [client 188.79.255.125:64360] [client 188.79.255.125] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@1JGeHtg4yPU@bt49AAAANQ"]
  30. ^C[Tue Jun 12 04:42:51.648991 2018] [:error] [pid 8133:tid 139666757957376] [client 188.79.255.125:64360] [client 188.79.255.125] ModSecurity: Warning. Found 1 byte(s) in ARGS:route outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.libertybooks.com"] [uri "/index.php"] [unique_id "Wx8I@1JGeHtg4yPU@bt49AAAANQ"]